<?php
session_start();
header("Content-Type: text/html;charset=utf-8");
//管理员审核
include "../public/common/config.php";

$username = $_POST['username'];
$password = md5($_POST['password']);

$sql = "select * from user where username = '{$username}' and password = '{$password}'";
//echo $sql;exit;

$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);

if($row){
	$_SESSION['admin_username'] = $username;
	$_SESSION['admin_userid'] = $row['id'];
	$_SESSION['admin_areaid'] = $row['area_id'];
	$_SESSION['admin_isadmin'] = $row['isadmin'];
	
	$sqlStore = "select id from store where user_id = '{$row['id']}'";
	$resStore = mysql_query($sqlStore);
	$rowStore = mysql_fetch_assoc($resStore);
	
	$_SESSION['admin_storeid'] = $rowStore['id'];
	
	if($row['isadmin'] == 0){
		echo '<script>location="admin_super.php"</script>';
	}elseif($row['isadmin'] == 1){
		echo '<script>location="admin.php"</script>';
	}else{
		echo '<script>location="user.php"</script>';
	}	
}else{
	echo '<script>alert("用户名或密码有误")</script>';
	echo '<script>location="login.php"</script>';
}
?>